CVE-2026-53907

Stored Cross‑Site Scripting in MCO

CVSS 4.8 MEDIUM · CWE-79
Vexday Risk Score: 10 (Low)
SSVC decision (CISA): Track
No exploitation signal → monitor
CVSS 4.8 · EPSS · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
01 Jul 2026: Published in NVD
Recommendation: Monitor. No exploitation signal for now.
MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file containing malicious JavaScript code that is executed when the logo is rendered or opened. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
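
One way to screen an uploaded logo for the active SVG content described above, as an added example (not MCO's code and not part of the advisory). The function name, the reject-on-any-finding policy and the two sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Elements that can run script or embed foreign documents inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}

# Constructed samples: a plain logo and one carrying inert active content.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
CRAFTED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
           b'<script>void 0</script>'
           b'<a href="javascript:void 0"><rect width="1" height="1"/></a></svg>')


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list:
    """Return reasons to reject an uploaded SVG logo; an empty list means accept."""
    # DTDs allow entity tricks, and NUL bytes mean UTF-16/32 input that would
    # slip past this byte-level test, so both are refused before parsing.
    if b"\x00" in data or re.search(rb"<!\s*(DOCTYPE|ENTITY)", data, re.I):
        return ["doctype, entity or UTF-16/32 encoding"]
    try:
        root = ET.fromstring(data)
    except (ET.ParseError, LookupError, ValueError):
        return ["not well-formed XML"]
    if root.tag != "{%s}svg" % SVG_NS:
        return ["root element is not <svg> in the SVG namespace"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append("active element <%s>" % tag)
        for attr, value in el.attrib.items():
            name, val = local(attr), value.strip().lower()
            if name.startswith("on"):
                findings.append("event handler %s on <%s>" % (name, tag))
            elif name == "href" and not val.startswith("#"):
                # A logo only needs same-document references such as "#gradient".
                findings.append("non-fragment href on <%s>" % tag)
            elif name == "attributename" and (val.startswith("on") or "href" in val):
                findings.append("animation targets %s on <%s>" % (val, tag))
    return findings


if __name__ == "__main__":
    print(svg_findings(CLEAN), svg_findings(CRAFTED), sep="\n")
```

Rejecting on any finding is stricter than sanitising. Rasterising the logo server-side, or serving it with `Content-Security-Policy: script-src 'none'`, covers content that a parser-based check misses.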
Affected products
MyComplianceOffice · MCO
